Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2017/07/12 12:0 a.m.•33 views

Microsoft Internet Explorer Remote Memory Corruption Vulnerability (CNVD-2017-22679)

Microsoft Internet Explorer is a popular WEB browser. A memory corruption vulnerability exists in Microsoft Internet Explorer that could allow an attacker to exploit the vulnerability by presenting a specially crafted web page and tricking the user into parsing it, which could cause the applicati...

7.6CVSS7.8AI score0.58078EPSS
Exploits2References1
CNVD
CNVD
•added 2017/07/07 12:0 a.m.•33 views

Joomla! cross-site scripting vulnerability (CNVD-2017-22326)

Joomla! CMS is a U.S. Open Source Matters team developed a set of open source content management system CMS. The system provides RSS feeds , site search and other functions . A cross-site scripting vulnerability exists in Joomla! CMS versions 1.7.3 to 3.7.2, which stems from a lack of cross-site...

6.1CVSS6.5AI score0.02208EPSS
Exploits0References1
CNVD
CNVD
•added 2017/07/05 12:0 a.m.•33 views

Alpine Linux's package manager buffer error vulnerability

Alpine Linux's package manager apk is a package management tool for Linux. The tool is used to install, upgrade or remove software on a running system. A heap buffer overflow vulnerability exists in Alpine Linux's package manager. A remote attacker can exploit this vulnerability by creating a...

7.8CVSS7.9AI score0.03234EPSS
Exploits2References1
CNVD
CNVD
•added 2017/06/21 12:0 a.m.•33 views

Libffi Arbitrary Code Execution Vulnerability

libffi is an external function interface library. An arbitrary code execution vulnerability exists in libffi. An attacker can exploit the vulnerability by overwriting the stack and triggering arbitrary code execution...

7CVSS8.3AI score0.00503EPSS
Exploits0References1
CNVD
CNVD
•added 2017/05/24 12:0 a.m.•33 views

libplist 'parse_string_node()' local heap buffer overflow vulnerability

libimobiledevice is a software protocol library and tool that allows Linux to support connectivity to iOS devices such as the iPhone, iPodTouch, etc. libplist is one of the libraries that handles the Apple Property List format in binary or XML format. A local heap buffer overflow vulnerability...

5CVSS6.8AI score0.00532EPSS
Exploits1References1
CNVD
CNVD
•added 2017/05/23 12:0 a.m.•33 views

Cairo denial of service vulnerability

Cairo is a cross-platform open source vector graphics library developed by software developers Carl Worth and Behdad Esfahbod, which supports doing 2D drawings in multiple contexts and provides high-quality display and printouts. A denial of service vulnerability exists in Cairo version 1.15.4. A...

5.5CVSS6.8AI score0.01839EPSS
Exploits0References1
CNVD
CNVD
•added 2017/05/17 12:0 a.m.•33 views

PHP Denial of Service Vulnerability (CNVD-2017-06940)

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...

9.8CVSS6.6AI score0.07191EPSS
Exploits1References1
CNVD
CNVD
•added 2017/04/06 12:0 a.m.•33 views

LightDM Directory Traversal Vulnerability

LightDM is a set of desktop display managers for Linux desktops. A directory traversal vulnerability exists in the debian/guest-account.sh file in LightDM 1.22.0 and earlier versions. A local attacker can use this vulnerability to obtain the location of an arbitrary directory path and elevate...

7.3CVSS7.3AI score0.02669EPSS
Exploits5References1
CNVD
CNVD
•added 2017/04/06 12:0 a.m.•33 views

ZyXEL EMG2926 Router Remote Command Execution Vulnerability

The ZyXEL EMG2926 is a router manufactured by Hutchinson Technology. The ZyXEL EMG2926 router suffers from an unauthenticated remote command execution vulnerability. The nslookup function is not sufficiently filtered, allowing an unauthenticated attacker to remotely execute arbitrary code...

9CVSS7.9AI score0.37634EPSS
Exploits5References1
CNVD
CNVD
•added 2017/03/16 12:0 a.m.•33 views

Microsoft Office Memory Corruption Vulnerability (CNVD-2017-03523)

Microsoft Word is a word processing software in the Office suite of the American Microsoft Microsoft company. A memory corruption vulnerability exists in Microsoft Word version 2016. A remote attacker can exploit this vulnerability by tricking a user into opening a specially crafted file to execu...

9.3CVSS7.8AI score0.16607EPSS
Exploits0References1
CNVD
CNVD
•added 2016/12/26 12:0 a.m.•33 views

Libming Heap Buffer Overflow Vulnerability

libming is a Flash SWF output library written in C for use in systems developed in PHP, Perl, etc. It can be used to output Flash SWF files to the system. A heap buffer overflow vulnerability exists in libming version 0.4.7, which originates when the program fails to adequately perform bounds...

5.5CVSS6.7AI score0.01759EPSS
Exploits1References1
CNVD
CNVD
•added 2016/11/09 12:0 a.m.•33 views

Microsoft SQL Server RDBMS Engine Privilege Escalation Vulnerability

Microsoft SQL Server is the United States Microsoft Microsoft company develops and maintains a set of applications in the Microsoft Windows system under the large commercial database system. A privilege escalation vulnerability exists in the Microsoft SQL Server RDBMS engine. An attacker can...

8.8CVSS7.7AI score0.11994EPSS
Exploits0References1
CNVD
CNVD
•added 2016/10/18 12:0 a.m.•33 views

TLS SHA-1 Spoofing Attack Vulnerability

TLS full name Transport Layer Security is a set of protocols used to provide confidentiality and data integrity between two communicating applications. A security vulnerability exists in SHA-1 in TLS version 1.2. This vulnerability can be exploited by an attacker to perform spoofing attacks...

5.9CVSS9.3AI score0.00938EPSS
Exploits0References1
CNVD
CNVD
•added 2016/10/16 12:0 a.m.•33 views

Microsoft Windows GDI Component Information Disclosure Vulnerability

Microsoft Windows is a popular operating system. An information disclosure vulnerability exists in the Microsoft Windows GDI component that fails to properly handle objects in memory, which could be exploited by remote attackers to obtain sensitive system information...

5.5CVSS5.1AI score0.53653EPSS
Exploits0References1
CNVD
CNVD
•added 2016/10/13 12:0 a.m.•33 views

Redis Out-of-Bounds Remote Code Execution Vulnerability

Redis is a set of open source written in ANSI C , network support , memory-based can also be persistent log-type , key-value store database , and provides a variety of languages API. A remote code execution vulnerability exists in Redis that can be exploited by an attacker to execute arbitrary co...

9.8CVSS9.7AI score0.14834EPSS
Exploits2References1
CNVD
CNVD
•added 2016/10/12 12:0 a.m.•33 views

X.Org libXi Denial of Service Vulnerability (CNVD-2016-08890)

X.Org libXi is an X input extension library operated by the X.Org Foundation. A security vulnerability exists in X.Org libXi, which can be exploited by attackers to cause a denial of service out-of-bounds memory access or infinite loop...

7.5CVSS6.8AI score0.03EPSS
Exploits0References1
CNVD
CNVD
•added 2016/10/12 12:0 a.m.•33 views

X.Org libXfixes Integer Overflow Vulnerability

X.Org libXfixes is a library of X11-based fixes extensions operated by the X.Org Foundation. An integer overflow vulnerability exists in X.Org libXfixes version 5.0.2 and earlier, which can be exploited to execute arbitrary code and potentially cause a denial of service...

9.8CVSS8AI score0.03395EPSS
Exploits0References1
CNVD
CNVD
•added 2016/09/02 12:0 a.m.•33 views

Red Hat oVirt Engine Information Disclosure Vulnerability (CNVD-2016-07080)

Red Hat oVirt Engine is an open source virtualization management platform from Red Hat Red Hat, an open source version of RHEV Platform for Enterprise Virtualization, consisting of the oVirt-node client and the overt-engine management side . An information disclosure vulnerability exists in Red H...

3.3CVSS6.2AI score0.00346EPSS
Exploits0References1
CNVD
CNVD
•added 2016/08/10 12:0 a.m.•33 views

Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2016-06256)

Internet Explorer is a web browser from Microsoft. Microsoft Internet Explorer 11 does not properly handle memory objects and suffers from a memory corruption vulnerability, which could allow a remote attacker to execute arbitrary code or cause a denial of service via a constructed Web site...

7.6CVSS7.9AI score0.51804EPSS
Exploits1References1
CNVD
CNVD
•added 2016/08/04 12:0 a.m.•33 views

Adobe Flex Buffer Overflow Vulnerability

Adobe Flex is the United States of America Odobie Adobe company's set of free, open source framework for building and maintaining Web applications. A buffer overflow vulnerability exists in the yygetnextbuffer function in Adobe Flex. A remote attacker could exploit this vulnerability to cause a...

9.8CVSS9.3AI score0.08767EPSS
Exploits0References1
CNVD
CNVD
•added 2016/07/14 12:0 a.m.•33 views

Microsoft Office Remote Code Execution Vulnerability (CNVD-2016-04951)

Microsoft Office is an office software suite of products developed by the U.S. company Microsoft Microsoft. Commonly used components are Word, Excel, Access, Powerpoint, FrontPage and so on. A remote code execution vulnerability exists in Microsoft Office, which originates from the program failin...

5.5CVSS8.4AI score0.16423EPSS
Exploits0References1
CNVD
CNVD
•added 2016/06/16 12:0 a.m.•33 views

Microsoft Windows Graphics Component Information Disclosure Vulnerability

Microsoft Windows is a series of operating systems released by the American company Microsoft. An information disclosure vulnerability exists in the Graphics Component for Microsoft Windows GDI32.dll that originates from a program's failure to properly handle objects in memory. A remote attacker ...

4.3CVSS5.1AI score0.24988EPSS
Exploits1References1
CNVD
CNVD
•added 2016/05/15 12:0 a.m.•33 views

OpenJPEG 'opj_j2k_write_mco' function memory misreference vulnerability

OpenJPEG is a C-based open source JPEG 2000 codec . A memory misreference vulnerability in the 'opjj2kwritemco' function in OpenJPEG's j2k.c file allows remote attackers to exploit the vulnerability to construct a malicious image that could be tricked into being parsed by the user, crashing the...

9.8CVSS9.3AI score0.02963EPSS
Exploits0References1
CNVD
CNVD
•added 2016/03/02 12:0 a.m.•33 views

Red Hat PolicyKit pkexec Command Execution Vulnerability

Red Hat PolicyKit is a tool from Red Hat for privilege control of applications on Unix-compatible systems. A security vulnerability exists in the pkexec command in Red Hat PolicyKit 0.113 and earlier versions. An attacker could exploit the vulnerability to execute arbitrary commands with user...

7.8CVSS9.1AI score0.00351EPSS
Exploits0References1
CNVD
CNVD
•added 2016/01/07 12:0 a.m.•33 views

Ubuntu Vivid Local Privilege Vulnerability

Ubuntu is a desktop-oriented GNU/Linux operating system developed by Canonical and the Ubuntu Foundation.Vivid is a development code name for Ubuntu. A local exploit exists in Ubuntu Vivid. A local attacker could exploit this vulnerability to gain elevated privileges...

7.8CVSS7AI score0.01047EPSS
Exploits3References1
CNVD
CNVD
•added 2015/12/01 12:0 a.m.•33 views

Ultimate Member WordPress Plugin Reflective Cross-Site Scripting Vulnerability

Ultimate Member is a plugin for creating online communities and user templates for WordPress. Ultimate Member 1.3.28 and earlier versions do not effectively filter the value of the "refer" HTTP GET parameter of "wp-admin/users.php" when "update" is set to "confirmdelete", which allows an...

6.1CVSS7.4AI score0.021EPSS
Exploits3References1
CNVD
CNVD
•added 2015/11/13 12:0 a.m.•33 views

Symantec Endpoint Protection Manager-RU6-MP3 Arbitrary Java Code Execution Vulnerability

Symantec Endpoint Protection Manager is a centralized manager for Symantec's enterprise-class antivirus software. An arbitrary Java code execution vulnerability exists in Symantec Endpoint Protection Manager version 12.1 prior to 12.1-RU6-MP3, which allows remote attackers to execute arbitrary Ja...

8.5CVSS8.1AI score0.02743EPSS
Exploits0References1
CNVD
CNVD
•added 2015/10/30 12:0 a.m.•33 views

Apple OS X Script Editor Restriction Bypass Vulnerability

OS X formerly Mac OS X is the latest version of Apple's proprietary operating system for the Macintosh computer. iOS is an operating system developed by Apple for mobile devices. A security vulnerability exists in Script Editor in Apple OS X versions prior to 10.11.1. A remote attacker could...

7.5CVSS9.1AI score0.53338EPSS
Exploits8References1
CNVD
CNVD
•added 2015/08/22 12:0 a.m.•33 views

Django Remote Denial of Service Vulnerability

Django is a set of open source Web application framework based on the Python language . The framework includes object-oriented mapper , view system , template system and so on. Django has an unspecified security vulnerability vulnerability that allows a remote attacker can exploit the vulnerabili...

5CVSS7.6AI score0.04928EPSS
Exploits0References1
CNVD
CNVD
•added 2015/07/28 12:0 a.m.•33 views

Joomla! Helpdesk Pro Plugin Information Disclosure Vulnerability

Joomla! is a well-known content management system in foreign countries. Joomla! is a software system developed using the PHP language coupled with a MySQL database, which can be implemented on a variety of different platforms such as Linux, Windows, MacOSX and so on. An information disclosure...

5.3CVSS6.1AI score0.09551EPSS
Exploits5References1
CNVD
CNVD
•added 2015/02/13 12:0 a.m.•33 views

u5CMS Cross-Site Scripting Vulnerability

u5CMS is a content management system CMS based on PHP, MySQL and Apache for medium-sized websites, conferences, audit processes, PayPal payments and online surveys. The system supports WYSIWYG editor, creating survey forms and data storage. A cross-site scripting vulnerability exists in u5CMS. Th...

4.3CVSS6.1AI score0.03284EPSS
Exploits2References1
CNVD
CNVD
•added 2015/02/03 12:0 a.m.•33 views

Blue Coat ProxyClient / Unified Agent Certificate Validation Spoofing Vulnerability

ProxyClient is Blue Coat's recently released WAN optimization software client with integrated security and control features. Blue Coat ProxyClient 3.3.3.3 and versions 3.4.4.10 prior to 3.4.x and Unified Agent prior to 4.1.3.151952 do not properly validate certain certificates, allowing a...

7.1CVSS6.9AI score0.00698EPSS
Exploits0References1
CNVD
CNVD
•added 2014/12/30 12:0 a.m.•33 views

Multiple buffer overflow vulnerabilities in libsndfile 'src/sd2.c'

libsndfile is a C library for reading and writing sound files such as AIFF, AU and WAV through a standard interface. Multiple buffer overflow vulnerabilities exist in libsndfile 'src/sd2.c' because it fails to properly bounds check user-supplied input. This allows an attacker to execute arbitrary...

2.1CVSS8.1AI score0.00581EPSS
Exploits1References1
CNVD
CNVD
•added 2024/11/27 12:0 a.m.•32 views

IrfanView Out-of-Bounds Read Vulnerability

IrfanView is an image viewer by the individual developer Irfan Skiljan. It supports image browsing, image editing, image format conversion and more. IrfanView suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current proces...

7.8CVSS7AI score0.00421EPSS
Exploits0References1
CNVD
CNVD
•added 2024/10/17 12:0 a.m.•32 views

Esri Portal For ArcGIS Cross-Site Scripting Vulnerability

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS, which can be...

4.8CVSS6.1AI score0.00268EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/18 12:0 a.m.•32 views

Oracle MySQL Denial of Service Vulnerability (CNVD-2024-19018)

Oracle MySQL is an open source relational database management system from Oracle. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker exploited the vulnerability to cause MySQL Server to hang or crash frequently and repeatedly...

4.4CVSS5.1AI score0.00891EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/01 12:0 a.m.•32 views

Mozilla Firefox Code Execution Vulnerability (CNVD-2024-12550)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A code execution vulnerability exists in Mozilla Firefox, which can be exploited by attackers to execute arbitrary code or cause a denial of service on a vulnerable system using unknown attack vectors...

8.1CVSS7.8AI score0.00859EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/01 12:0 a.m.•32 views

Mozilla Firefox HTTP Header Injection Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an HTTP header injection vulnerability that stems from a Set-Cookie response header being incorrectly executed in a multipart HTTP response, which can be exploited by an...

6.1CVSS6.8AI score0.00743EPSS
Exploits1References1
CNVD
CNVD
•added 2024/02/22 12:0 a.m.•32 views

IBM Operational Decision Manager Code Issue Vulnerability

IBM Operational Decision Manager is a decision management solution from International Business Machines IBM used to help organizations better manage and enforce business rules and decisions. IBM Operational Decision Manager suffers from a code issue vulnerability that originates from the ability ...

9.8CVSS7.5AI score0.73398EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/26 12:0 a.m.•32 views

Mozilla Firefox Denial of Service Vulnerability (CNVD-2024-10440)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a denial of service vulnerability caused by a stack buffer overflow in the WebAudio OscillationNode object. An attacker can exploit this vulnerability to cause the browser ...

8.8CVSS7.4AI score0.00662EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/26 12:0 a.m.•32 views

Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2024-10439)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

4.3CVSS6.9AI score0.00596EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/26 12:0 a.m.•32 views

Mozilla Firefox Denial of Service Vulnerability (CNVD-2024-10432)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a denial of service vulnerability caused by an unchecked return value in the TLS handshake code. An attacker can exploit the vulnerability to cause the NSS TLS method to...

7.5CVSS6.9AI score0.01285EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/26 12:0 a.m.•32 views

Denial of Service Vulnerability in Multiple Mozilla Products (CNVD-2024-10444)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A denia...

6.5CVSS6.8AI score0.00732EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/17 12:0 a.m.•32 views

SQL Injection Vulnerability in Ruiyou Tianyi Application Virtualization System

Xi'an Ruiyou Information Technology Co., Ltd. is a professional virtualization and cloud computing solution provider. A SQL injection vulnerability exists in Ruiyou Tianyi Application Virtualization System, which can be exploited by attackers to obtain database information and execute commands...

7.9AI score
Exploits0
CNVD
CNVD
•added 2024/01/16 12:0 a.m.•32 views

Microsoft Edge (Chromium-based) Security Bypass Vulnerability

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security bypass vulnerability exists in Microsoft Edge Chromium-based, which can be exploited by attackers to bypass security restrictions...

6.3CVSS6.2AI score0.00484EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/11 12:0 a.m.•32 views

GetSimple CMS Cross-Site Scripting Vulnerability

GetSimple CMS is a content management system CMS written in PHP. A cross-site scripting vulnerability exists in GetSimple CMS version 3.3.16, which stems from the lack of effective filtering and escaping of user-supplied data when adding articles to the /admin/edit.php page, and can be exploited ...

5.4CVSS6.4AI score0.00326EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/11 12:0 a.m.•32 views

TOTOLINK N350RT password parameter buffer overflow vulnerability

The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT suffers from a buffer overflow vulnerability that originates from the failure of the password parameter of the loginAuth function on the /cgi-bin/cstecgi.cgi page to correctly validate the lengt...

8.3CVSS8.6AI score0.01274EPSS
Exploits1References1
CNVD
CNVD
•added 2023/11/21 12:0 a.m.•32 views

Adobe ColdFusion Code Execution Vulnerability (CNVD-2023-100310)

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion code execution vulnerability can be exploited by an attacker to execute arbitrary code...

9.8CVSS7.5AI score0.80178EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/16 12:0 a.m.•32 views

Google Android elevation of privilege vulnerability (CNVD-2024-10418)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges...

7.8CVSS7.1AI score0.00103EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/27 12:0 a.m.•32 views

Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2023-76938)

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe, which is mainly used for 2D and 3D compositing, animation and visual effects production. Adobe After Effects suffers from an out-of-bounds read vulnerability that stems...

7.8CVSS7AI score0.00341EPSS
Exploits0References1
Total number of security vulnerabilities5000